Vulnerability Name: CVE-2020-15217 (CCN-189561)

Assigned: 2020-10-07
Published: 2020-10-07
Updated: 2020-10-16
Summary: In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the FAQ.
CVSS v3 Severity: 5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-79
Vulnerability Consequences: Obtain Information
References:

Source: MITRE
Type: CNA
CVE-2020-15217

Source: XF
Type: UNKNOWN
glpi-cve202015217-info-disc(189561)

Source: CONFIRM
Type: Patch, Third Party Advisory
https://github.com/glpi-project/glpi/commit/39e25591efddc560e3679ab07e443ee6198705e2

Source: CCN
Type: GLPI GIT Repository
leakage issue with knowledge base

Source: CONFIRM
Type: Third Party Advisory
https://github.com/glpi-project/glpi/security/advisories/GHSA-x9hg-j29f-wvvv

Source: CCN
Type: GLPI Project Web site
GLPI Project

Vulnerable Configuration: Configuration 1:
  • cpe:/a:glpi-project:glpi:*:*:*:*:*:*:*:* (Version >= 9.5.0 and < 9.5.2)

Configuration CCN 1:
  • cpe:/a:glpi-project:glpi:0.71.3:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.71.2:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.71.1:-:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.71:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.70.2:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.70.1:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.72.4:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.71.4:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.68.3:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.80:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.80.61:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.83.2:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.80.7:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.80.2:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.78:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.83.7:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.83.8:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.83.9:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.84.1:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.84.2:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.84.7:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.85:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.85.1:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.85.2:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.85.5:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.90.2:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:0.90.4:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:9.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:9.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:9.4.0:-:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:9.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:9.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:9.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:9.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:glpi-project:glpi:9.4.5:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable